Widespread use of the Internet has led to creation of a membership Internet site which provides a service to limited members over the Internet and creation of a site which provides a different service on a user-by-user basis over the Internet (hereinafter, these sites will be referred to as “members-only sites” or simply as “sites”). The operators of these sites issue to each registered member or registered user (hereinafter referred to as a member) a unique ID (identification data) and a password (hereinafter, ID and password will be collectively referred to as individual authentication data).
When a certain member accesses a site from a terminal apparatus in order to use a service provided by the site, the site transmits to the terminal apparatus of the member a form for inputting individual authentication data and requests the member to input the individual authentication data. In response to the input request, the member manually inputs the individual authentication data by operating the terminal apparatus. The site receives the individual authentication data, and when the received individual authentication data are correct, authenticates that the service usage request from the terminal apparatus is a usage request from a member or the like. Thereafter, the user of the authenticated terminal apparatus can use a desired service provided by the site.
A user of a terminal apparatus which utilizes a plurality of such members-only sites must memorize a plurality of individual authentication data sets corresponding to respective services in order to utilize the services. When the individual authentication data sets to be used for a plurality of services are unified to common authentication data, the problem that the user must memorize a plurality of individual authentication data sets may be solved.
However, in actuality, individual authentication data do not have a unified format and/or an attribute and therefore differ among sites. For example, individual authentication data of a certain site may consist of an ID composed of 4 to 8 numeric characters only and a password composed of 8 to 12 alphabetic characters only; and individual authentication data of another site may consist of an ID only, which is composed of 9 to 10 alphanumeric characters. In many sites, members cannot select individual authentication data freely. Further, unification of individual authentication data among a plurality of sites is not desirable from the viewpoint of security. Accordingly, consolidating individual authentication data sets through unification thereof has been difficult.
Even when individual authentication data sets can be unified to a common set, the user's inconvenience of having to manually input individual authentication data when utilizing a members-only site has not been solved. For example, even in the case in which the user of a terminal apparatus has utilized a service of a certain members-only site upon input of certain individual authentication data and the user subsequently utilizes a service of another members-only site which accepts the same individual authentication data, the user must input the individual authentication data again.
Some methods are highly convenient for a user, because the methods eliminate necessity of inputting individual authentication data.
A first example method utilizes a terminal apparatus configured in such a manner that when the terminal apparatus receives a form for inputting individual authentication data, the terminal apparatus automatically inputs the individual authentication data into the corresponding input field. This method can eliminate the labor of the user required to input individual authentication data into the terminal apparatus.
However, in this case, since the individual authentication data is stored in the terminal apparatus, there is a possibility that a third party obtains the stored individual authentication data and uses it fraudulently. Further, this method is not preferable from the viewpoint of security.
A second example method utilizes a so-called global ID service.
This service provides means which enables a user to store, at the site which provides this service, a plurality of individual authentication data sets for a plurality of members-only sites to be used. When a user of this service logs in to the site by inputting an ID and a password over the Internet, the site provides, to an individual members-only site which the user wishes to utilize, individual authentication data that satisfy the requirements from the members-only site. In other words, users of this service are relieved of the necessity to manually input individual authentication data for each members-only site.
However, when the ID and password necessary for logging in to the global ID service are leaked, all the individual authentication data sets stored in the site are leaked simultaneously. That is, use of the global ID service increases the risk of leaking individual authentication data as compared with the case in which each user manages a plurality of individual authentication data sets.